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/* TclIdSid 

Scans an ascii line and finds an ascii SID. (no validation though] 

* Inputs: 

* lineoftext 

* Returns: 

* ascii bin sid, if a sid is found it is returned. 

• > 
int TclIdSid(ClientData dummy, Tcl_Interp *interp, 

int argc, char **argrv) 

{ i 

char *sidp, *cp; 
interp->result [0] - 0; 

if (argc != 2) 
{ 

interp->result - "wrong ft args«; 

xeturn TCL_ERROR; 

) 

sidp * (char *) stratrUrgvll). 
if (sidp — NULL) return TCL_OK,- 
cp = (char *) strstr(sidp*l f «/-); 

if ((cp NULL) « (strlen( S idp) 1- 19)) return TCL_OX; 
if ((cp - sidp) return TCL.0K; 

stmcpy(interp->r C sult, eidp,19); 

interp->result [19) - 0 '' 

return TCL_OK; 

) 



/* 

* Register commands with interpreter. 

*/ ■ 

int SidSupInit(TctL - Xnt/erp *interp> 
{ 

Tcl_Crea C eCo ml nand(interp f -packsid", TclPackSid. NULL. MULL); 
Tcl_CreateComm£^d(i~terp, "unpacksid*. TclunpackSid . NULL, NULL); 
TcUreateCommand(interp, "unpacksidnovalidate- , TclUnpackSidNoValxdate . 

NULL, 

Tcl.CreateCo.manddnterp, "issid". TclIdSid. NULL, NULL); 

return TCL_OK.- 
I 
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* 

■ 



* compute_ihash — 

* Compute the'MDS .hash for the specified string, returning the hash as 

* a 32b xor of the 4 hash longvords. 



* Results: 

* hash int. 

* Side effects: 

None . 



I I, -,,<'< V 



int conipute_ihash(char *ctr) 
{ 

MD5__CTX rad5; 
unsigned char nash[l6] ; 
unsigned int *pl; 
unsigned int hasni = 0; 

MD5lnit(fand5) ; 

MD5U P date(&mds, str, strlen (str) ) ; 

MD5Final(hash, tmdS) ; 

Pi - (unsigned int *) ^ sh; 

hashi - *pi+ +; 
hashi ~ e *pi ++; 
hashi *pi ++; 
hashi *pl-n-;r 
retum hashi; 



/* 
* 



ticket. c 
* 

* Commands for TICKET. 

* Copyright 1995 t>y Open Market , Inc 

* All rights rese: 



* Thie ^T-nrietary and confidential information and 
This file contains pr°P rieL m 

* remains the unpuhlished property of Open Market, Inc. Use, 

* disclosure or reproduction is prohibited except as permitted by 

* express written license agreement with Open Market. Inc. 
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1 1-507752 



* Steve Morris 

* morris®OpenMarket . com 
* 

* Created: Wed Mar 1 1995 

* $Source: /omi /p ro j / ma ster/orahttpd/ At tic/ ticket, c, v $ 
*/ 

Bif l defined (lint) 

static coast char rceid{] «"$Hcadcr : /omi/proj / master /omhttpd/At tic /ticket . c, v 
2. 

' fcendif /*not lint*/ 

# include <stdio.h> | 
# include <sys /utsname - h>> 
* include •httpd.h- 

* include •mdS-h" 

# include • ticket. h" 

static TICKET Server TicketServerData ; 



* This file implements all the ticket/sid related functions for the server. 

* The region commands Requires ID and xxxxx can be used to limit 

* access to groups of files based on the authentication of the requestor. 

* The tvo commands are very similar, and only differ in the method used to 

* present the authentication data (via the URL) and in handling of the 

* failing access case. For failing TICKET'S, a -not authorized" message is 

* generated. For failing (or absent) SID's. a REDIRECT (either local or via 

* CGI script) is performed to forward the request to an authentication 



server . 
* 



* Requires ID domain 1 {docnain2 



domainn] 



This command denies access unless the specified properties are 

true of the request. Only one RequireSID or xxxxx command can 

be used for a given region, though it may specify multiple domains 



static int 



Pro cess Requires (ClientData clientData. Tcl_lnterp 'interp 

int argc, char -*argv, int flavor) ; 
Gtatic int DoraainNameCmd I ClientData clientData, Tcl_Interp *interp, 

int argc, char **argv> 
static int GetDomain (char *domname, int dflt) ; 



! 
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static char *GetAsciipomain Cchar *domname, char *dflt) 
static int . compute r_ihash( char *str) ; 
static char *coraputerHash(char "str) ; 
static char *GetSecrettir*t kid) ; 
static int GetKidByKeylD (char *keyID) 

static char *CreateSid(HTTP_Request *reqPtr, int doro, int uid, int kid, 

int exp , int uctx) ; 1 
static void f reeTicketReqData {void *dataPtr) ; 
static void DurapStatus (HTTP^Re quest "reqPtrJ ; 

static void TICKET_DebugHooks (ClientData client Data, char -suffix, 

KTTP_Request *reqPtr) ; 
static int Pa^seSid(HTTP_Request *reqPtr) ; " ;?: ' ,v 
static int ParseTicket (HTTP_Request *reqPtr) ; 
static char *f ieldParse (char *str, char sep, char **endptr) ; 
void TICKET_ConfigCheck() ; 
void DurapRusage (HTTP_Request *reqPtr) ; 



* TICKET^ReqiiireSidQad — 
* 

* Checks that the requested URL. is authorized via SID to access this 

* region. If the access is not authorized and vie do not have a "remote 

* authentication server" registered, then an "unauthroized message* 

* is returned. If a -remote authentication server" has been 

* declared, we REDIRECT to that server, passing the requested URL and 

* required domain's as arguments. 
* 

* Results : 

+ Normal Tel result, or a REDIRECT request. 
_ * 

* Side effects : 

* Either an "unauthorized access" message or a REDIRECT in case of 
error. 



*/ 

static inc TICKXT_RequireSidCmd (ClientData clientData, Tcl_Interp *interp. 

int argc, char **argv) 

( 

if (TicketGlotoalData{EnableSidEater) ) return TCL_OK ; 
return{ProcessRequires (clientData, interp,argc, argv, ticfcetSid) ) ; 

} 

* _ — — - _ . — ____ - - ~ ~ ** 
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* ProcessRequired 

* Checks tliat the requested URL is authorized to access this 

region. The error cases are treated differently for SID v.s. TICKET. 

* For Ticket's, an unauthorized access generates a returned error 
message. t 

* For SID's, we first look to see if we are operating in "local 
authentica 

mode-, if we are, we generate a new SID, into the URL and re-process 

the 

* If not in "local" mode, we look for the presence of a 

r emo teau thent i cat i 

server, if we have one declared (in the conf file) we REDIRECT to it 

pas j 

the FULL url and a list of domains that would have been legal. If 

the 

* authentication server was not found we return an error message. 
* 

* Results: 

Normal Tel result, a local reprocess command, or a REDIRECT request. 

* 

* Side effects: 

Either an -unauthorized access- message or a REDIRECT in, case of 

error . 

* ■ * • 

*/ 

static int ProcessRequiresCClientData clientData, Tel_Interp *xnterp, 

int argc, char **argv, int flavor) 

I 

KTPP_Request -reqPtr = <HTTP_Reqeust *) client Data; 

HTTP_Server *servcrPtr ; 

TICKET_Request * ticketPtr; 

DString targetUrl; 

DString escapeurl; 

inc i, re qui re d — docn ; 

int £ irstLegalDom — -1; 

char 'NeuSid, *cp; 



DStringlnit ( fictaxrgetUrl } ; 
DStringlnit (tescapeUrl) i 



and ticket specific extension data */ 



/• fetch the server private 
serverPtr - rcqPtr«>serverPtr ; 

ticketPtr = ( TICKET_Reques t *) HTjQetReqExtData (reqPtr 
TicketServerData . tic 

ASSERT (ticketPtr I s NULL); 
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/• compare the requesting SlD/Ticket<DOM> to authorized list of domains */ 
/* a match OR any valid domain and a required domain of TicketFreeArea is 
su ' 

for (i . 1; i K . argC ; 
{ 

requi red_dora - QetDomain ( ar^v [ i ] - 1 ) ; 
(required dom I* -1) 

( 

if (firstLegalDom — f irstLegalDom = required_dom ; 
if ( (ticketPtr->sidI»cn =« required_dora) I | 

(ticketPtr->valid « <ticketPtr->sidDom !- tI) tft 

<required_dom == TicketGlobalDafca (FreeAreaM ) |1 •,-„. 
( CticketPtr->tlcketDom == required_dom) fct 
(time(O) <- t icketPtr->ticketExp) fc& 
((DStringlen ? th(&cicketI»tr->ticketIP) - 0) || 

(strcmp(DStringValue (tticketPtr->ticketIP) , DStringValue UreqPtr- 



>r 



) 

{ 



} 

} 



DStringFree (itargetOrl) ,- 
DStringFree (tescapeUrl) '" 

return TCL_OK; 
} 



/* count the number of domain crossing that caused re-auth */ 

if < (flavor ticketSid> ** (ticketPtr-> S idDo,n) !=-!) IncTicketCounter (Cou 

/• authorization failed, if Cilia was a sid url. and local auth is enabled */ 
/* or this was an access to the free area */ 

/* insert a new sid in the url. and REDIRECT back to the client 8? 

if <TicketGlobalData(Enabl« I ^ >caIAuth> !l 

< (f irstLagalDo™ — TicKctGlobalData tPreeArea) ) 

(flavor =. ticketSid) " (f irstl*galDom != -1>>) 

{ 

if ((DStringLength(fcre«3P«-' urU ! " 0) " 

(DStringValue (tr-eqP"- >url> [0} !■'/'>) 

{ 

HTTP_Error(reqetr, NOT_FOUND, "access denied due to poorly formed url'M; 

DStringFree (ttargeturl ) i 
DStringFree (iescapeUrll ' 

If (!ticketPtr->vali <i ' 

DStringFree(&ticJcet.Ptr->sid) ; 

return TCL RETURN ; 
) 

Newsid creates id (reaper. 
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firstLegalDom, ticketPtr->uid, 

TicketGlobalData (CurrentSecret ) , TicketGlobalData ( Local AuthExpl 

ticketPtr->uctx> ? 
DStringFree UticketPtr->sid) ; 
DStringAppend(tticketPtr->sid l NevSid, -1); 

CotnposeURL { reqPtr , DS tringValue ( treqPtr- >ur 1 } , ttarge tUr 1 ) ; 

IncTicketCounter{C6untLocal Redirects); 

HTTP_Error* reqPtr, REDIRECT/ DStringValue ( ttarg^tUrl )) ; 

DStringFree ( ttargetDrl) ; 
DStringFree ( tescapeUrl) ; 
if U ticketPtr->valid) 

DStringFree(tticketPtr->sid) ; 

return TCL_RETORN; 
} 

/* authorization failed, build the REDIRECT TOL arg's. */ 
/* If present, REDIRECT to authentication server */ 

if ( (DStringLengx.h(&TicketGlobalData(AuthServer) ) != 0) && (flavor « ticket 
{ 

if ( (DstringLength(&reqPtr->url) - 0) 

(DStringValue (&reqPtr->url> (0) !• 7')) 

< 

HTTP_Error ( reqPtr , NOT_FOUND, 'access denied due to poorly formed url"! ; 
DStringPree ( ttargefcUrl) ; 
DStringPree ( tescapeUrl) / 
if (!ticketPtr->valid) 

DStringFree <&ticketPtr- >sid> 

return TCL_RETURN ; 
) 

DStringAppend (&targetUrl, DS tringValue (fcTicketGloba iDat a (AutnServer) ) . -1) 
DStrin 9 Append(&targetUrl, ■?url-". -D ? 

ComposeURL(ceqPtr , DStringValue <&reqPtr- >url) , tescapeUrl) 
EscapeUrl (tescapeOrl) ; 

DStringAppend (&targetUrl . DStringValue <&escapeUrl> , -1) ; 

DStringAppeal <&targetUrl, " fcdexnain-- , -1) ; 

DStringTrunc (&escapeUrl , 0>; 

DStringAppend (tescapeUrl. " {*• 
for i < argc . i + 

{ 

cp - G€tAsciiDomaLn»argrvti] » NULL); 
if (cp != NULL) 
{ 

DStringAppend (ficescapeUr-1, cp, -1) ; 
DStringAppend (tescapeUrl. " -D s 
) 

1 
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DStringAppend (tescapeUrl , • } " » 

EscapeUrl (tescapeUrl) ; ' 
. DStringAppend (ttargetUrl .DStringValue (fcescapeUrl) . -1) ; 

DStringFree (&esca£eUrl ) ; 

HTTP_Error(regPtr, REDIRECT, DStringValue (& targe tUr 1) ) ; 
IncTicketCounter(CountRetnoteRedirects) ; 

DStringFree ( ttargettlrl ) ; 
if ( i ticketPtr-> valid) 

DStringFree { &ticketPtr->sid) ; 
return TCL_RETURN,- 
} 

/• authorization failed, if this is a ticket access, decode the */ 
V* reason and handl via a redirect to a handler, or punt a */ 
/* no access message */ 

if ((flavor — ticketTicket ) t* (firstLegalDom 1 = -1) fct (ticketPtr->ticketD 
{ 

/* check For IP address restrictions */ 

if < (DStringLength(fcticketPtr->ticket IP) !« 0) && 

(DstringL«ngth(6TicketGlobalData(TicketAdrHandler) ) 0) 

(strctnp (DStringValue (tticketPtr- >ticketIP> , DStringValue (&reqPtr->retno 

i 

DStringAppend Utargeturl, DS tringValue(&Ticket Global Da t a (Tic ketAdrHandle 
DStringAppend (ttargetUrl, DStringValue <&ticket Per- >fie Ids) , -1) ; 
DStringAppend UtargetDrl, "fairl-". -1) ; 

DStringAppencK&targetUrl, DStringValue < treqPt r- >url ) . -1) ; 
IncTickecCounter(countTicKetAddr) ; 

HTTP_Error (reqPtr, REDIRECT, DStringValue ( ttargetUrl )) ; 
DStringFree UtargetUrl) ; 
return TCL_RETURN; 
} 

/* check for expired tickets */ 
if (tiroe<0) > ticketPtr- >CicJcetExp) 
{ 

DStringAppend UtargetUrl , DStringValue ( StTi eke tGlobal Data [ Ticket ExpHandle 

DStringAppend { fctarge tar 1, DStringValue (fcticketPtr- >fields) . -1) ; 

DStringAppend UtargetUrl, *&url=" , -1) ; 

DStringAppend Utargeturl, DStringValue (treqPtr- >url) . -1) ; 
IncTicketCounter (CountExT>iredTic)cet) ; 

HTTP_Error (reqPtr, REDIRECT. DStringValue UtargetUrl) ) ; 

DStringFree (ttargetUrl) ; 
return TCL._return; 
} 

} 
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/* no handler, punt a message */ 

HTTP_Error (reqPtr, FORBIDDEN, "access denied by Require ticket/sid region 

CO 

IncTicketCounter (countNoRedirects) ; 

if ( lticketPtr->valid) 
DStringFree(&ticketPtr->sid) ; 

DStringFreeUtargetUrl) ; 

DStringFree(&escapeUrl) ; 

return TCL_RETURN ; 

} 

/* 

+ . — — 

* Get (Ascii) Domain — 

* These routine performs an ascii to binary domain name lookup, 

* indexed by /key') from the server's domain name catalog. Name/number 

* pair's are loaded into the catalog at configuration time with the 

* with the "Domain" conf iguxation command. The Ascii version returns 

* a pointer to a character string that represents the domain number. 

* The non Ascii version returns an integer representing the domain number. 

* • 

* Results: 

* Integer value of domain. If no domain is available, returns deflt. 
★ 

* Side effects: 

* None. 
•* 

■* 

*/ 

static iat Get Domain (char * dotnname , int deflt) 
{ 

HashEntry *entr*yPtr ; 
DString DomNarae j 

DS t r ing In i t { &DomNaroe ) ; 

DS tring Append ( &DomNaine , dotnname, -1); 
strtolower ( DString Value (tDomName) ) ; 

entryPtr = FindHashEntry ( tTicketServerData .Domains, 

DStringvalue<&DoraName) ) ; 
DStringFree (tDc*tnName) ; 
if (entryPtr = = NULL) return deflt; 
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return (int) GetHashValue (entryPtr) ; 

} . • ' 

static char * GetAsciiDomain {char *dotnname, char *deflt) 

{ 

HashEntry *entryPtr; 
static char buffer [641 ; 
DString DoraNarae; 

DStringlnit (&DomName) ; 
DStringAppend (DomNarae , domname, -1) ; 
strtolower (DStringValue (&DomNatne) ) ; 

entryPtr - FindHashEntry (tTicketServerData. Domains, 
DStringValue ( tDoraKame) ) ; 
DS t ring Free ( tBomName } ; 
if (entryPtr == NULL) return deflt; 

sprint f (buffer, , (int) GetHashValue (entryPtr) ) ? 

return buffer? 

} 

/* 

*- ■ * 

* ' 

* TICKET_Inser tLocalS id 
* 

* Given a TTPT-. inspect it to see if it refers to the local server/port 

* if it dees, and it does not already contain a SID. insert one if 

* the current request included one. Note, for port 80 access we look 

* for a match with and without the port specifier. 
* 

* Results : 

* None. 
* 

* Side effects: 

A SID may be inserted into the URL. 



void TICKET_InsertLocalSid(HTTP_RequesC +reqPtr, DString *result) 
{ 

KTTP_Server * serve rPtr ; 
T I CKET__Reque s t * ticket Ptr; 
char trap [321 ; 
DString patternl; 
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DString pattern2; 

DString tinp_url; 

DString *hitPattera * NULL; 

ticketPtr = (TICKET_Request *) HT_GetReqExtData (regPtr, 
TicketServerData. tic . * 

if (ticketPtr == NOLL) return; 

« 

server Ptr * reqPtr- >serverPtr ; 

DStringmit<S$>atternl) ; 
DS t r inglni t < &pa t tern2 ) ; 
DStringlnit (&trap_url) ; 

DStringAppend(&patfcernl. "htfcp : -1) ; 

DS t ring Append { tpatternl , DStr ingValue ( fcserverPtr- > s erverName) / - 1 ) ; 
DStringAppend(fcpattern2. DStr ingValue (tpatternl) , -1} ; 
sprintf ( tmp, " : Vd* , serverPtr- >server_port) ; 
DS t r ingAppend ( tpat t e ml , tmp , - 1 ) ; 

if { (DSt ringlrength (result) >- DStringLength ( ftpatternl) ) && 
(stmcasecit5>(DStringValue{tpatt€nil) , DStringValue (result) , 
DStringLengt hitPattern - tpatternl; 
else 

if ( (serve rPTR- ->server_j>ort == 80) &t 

( DS t r ingLeng th ( r esui t ) > = DS tringLength ( &pa t tern2 ) ) & & 
(strncasecrnp (DStringValue (icpattern2) , DStringValue (result) , 

DStringLength hitPattern + &patteru2; 

if (hitPattern » NULL) 
{ 

DStringAppend(&tmp_url. DStringValue (hitPattern) , -1; 
DStr ingAppend (ttnp_url . DStringValue UticketPtr- >sid) , -1) ; 
DStringAppend(&tmp url. tDStringValue (result) 
CDStringLength (hitPattern) ] . 
DStringFree (result) ; 

DStringAppend (result , DStringValue I fctmp_url) ( -1): 

DStringFree (ttinp^url) ; 

} 

DStringFree ( &patternl ) ? 
DStringFree ( &p at tern2 ) ; 
DStringFree (& tmp_url) ; 

} 

/* 
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» creaceSid -- 

•I 

■ 

This routine, takes the passed arguments and creates a sid 

* Results: 

* A sid. 

* Side effects: 
* 

* - . 



char * creates id (HTTP_Reques t 
inn uctx) 
{ 

int bsidtSj « {o,0,o}; 
char teinp — str [512] ; 
DString hash; 
int act_hash; 
static char sid [64] ; 
unsigned int expire_time; 
char *secret; 
char *hashP; 
char *cp; 

unsigned char *ecp; 
uns igned int eda ; 
int endian - 1 ; 

DString Init ( &hash> ; 
expire_time =time (0) + exp; 



r reqPtr, int dom, int uid, in t kid. int exp. 



put_sid (dom_lw , 
put__sid { uid__lw , 
put_sid (kid_lw , 
put__s id ( exp_lw , 



dotu_jpos , 
uid_ pos , 
kid_j>os , 
espjjos, 



(e3cpix-e_tiitie>>exp__shf t_arat } ) 

put_sid(uctx_lw. ucticjjos, 
put_sid(rev_lw, rev _j>os . 



dom_iuask r 
uid__niask, 
kid_tuask f 
e3<p_mask, 



doin] ; 
uid) ,- 
kid) ; 



uctx_mask ( uctx) ; 

rev mask, sid rev zero) ; 



secret = GetSecret I kid) ; 
ASSERT (secret • - NULL) ; 
DStringAppend (&hash, secret, -1) ; 
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DS t ring Append (&hash, DStringValue (&reqPtr->remoteAddr ) , -1; 

sprintf (teinp_str, n *0Qx*0Bx ,, t bsid [2] ,beid[ll ) ; 

DStr ing Append (tnash, texnp__str , -1) ; 

/* format of the hash string is VsVs*O8x*0£x n , 
secret, ip__addr,bsidC2 { , bsidCl 

hashP ss DStringValue <&hash) ; 

act_hash «= coinpute_ihasli (hashP) ; 

while {*hashP ! « 0) *hashP++ = 0; 

DStringFree (&hash) ; 
/•* f ix_endian(&act_hash, ecp, eda) ; */ 

-put — sid(sig_lw, eig_pos, sigjraask, act_hash) 

/* fijc_endianC&bsid[0] , ecp, eda); */ 
fix_endian(tbsid[l] , ecp r eda); 
f ix_endian*£bsid(23 # ecp r eda) ; 

#if (1 == 0 

DumpSidl) ; 
#endif 

cp ~ radix64encode__ noslash ( (char- *) bsid # 12) ; 
strcpy<sid, SID^prefix) ; 
strcat (sid, cp) ; 
free (cp) ; 
return i sid) ; 

} 

/* 

* . . . . — > — - — 

* cornpute_hash — 
+ 

* Compute the MD5 hash for the specified string, returning the hash as 

* a 32 b jcor of the 4 hash longvords . 

* Results i 

hash int . 
* 

* Side effects: 
None . 
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static int compute ihash(char *str) 
{ 

MD5_CTX mdS; ' 
unsigned char hash [16] ; 
unsigned int *pl? 
unsigned int hashi = G ; 

MDInit (firadS) ; 

MDUpdate{&md5, (unsigned char *) str, strlen(str) ) ; 

MDFinal (hash, &rad5) ; 

pi « (unsigned int *) hash; 

hashi - *pl+4-; 
hashi ~= *pl++; 
hashi ~= *pl++; 
hashi *= *pl+-*-; 
return hashi; 

} 



* computeHash -- 

* Compute the MD5 hash for the specified string, returning the hash as 

* a 32 -character hex string. 

* Results : 

Pointer to static hash string. 

■ * ' 

* Side Effects: 

* None. 



static char * computeHash {char *str) 

{ 

int i; 

MD5_CTX mdS ; 
unsigned char hash [16] ; 
static char hashstr[3 3] ; 
char *q; 
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MDSInit(tadS) ; 

MD5Update(£md5, (unsigned char *) str, strlen(str) ) ; 
MD5 Final (hash, &md5) ; 
q = hashstr; 
for(i=0; i<l6; i++ { 
sprintf(q, «*02x*\ hashlil); 

g +« 2; 

} 

return hashstr; 

} 

/* 



* TICKET_ParseTicket 

* Called by dorequest. before any region commands or mount handlers 

* have run. We parse and handle incomeing sid' s and tickets. 
+ 

* Results: 

* None . 

* Side effects : 
* 

*. ' ■ 

*/ 

int TICKET_ParseTicket ( KTTP^Request *reqPtr> 
{ 

int status « KT_OK; 
IncTicketCounter { CountTo talUrl ) ; 
status = ParseSid(reqPtr) ; 

if (TicketGlobalData (EnableTicket) (status KT_OK) ) status = 
ParseTicke return status; 

} 

/* 

* ^ — — - — - - 

* 

* ParseSid -- 
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* Called by TICKET ParseTicket, before any region commands or mount handle 

* have run. We parse and handle income ing sid's. 

* » ' 

* Results: 4 

* None. 
* 

* Side effects: 



* 



int ParseSid(HTTP_Reguest *reqPtr) 
( 

TICKEICT_Request *ticketPtr; 
HTTP^Server * server Ptr; 
DString hash; 
Int i; 

char *cp, *cpl ; 

int *bsid*NULl l , act_hash; 

unsigned int cur_tim, tdif, exp_tim; 

char *secret; 

char ten5)_strfSX2] ; 

char *hashP; 

int sid__©k - 0; 

unsigned char *ecp; 

unsigned int eda ; 

int endiaji = 1; 

int ipl < i P 2 i ip3 / ip4; 

/" fetch the server private ticket extension data */ 

/* note that this sets up a default ticket block for both SID' s and Ticket a 
serverPtr « regPtr->serverPtr ; 

ticketPtr = (TICKET Request *> HTJSetReqExtData (reqPtr. TicketServerData . tic 
ASSERT (ticketPtr » NUIiI*) : 

ticketPtr. (TICKET Request *) Malloc (sizeof (TICKET Jie quest ) ) ; 

HT^AddReqExtData (reqPt r , TicUtServerData . t icketExtens Lonld , t icketPtr , £ ree 

DStringinit(&cicketPtr->rawUrl) ; 

DStringInit(&tick«tPtr->sid> ; 
DStringInit(&ticketPtr->f iel<is) ; 

DStringlnit (STicketPtr- >sig^ ature) ; 
DScringinic(&TicketPC2T->tiick:eClP) ; 

ticketPtr- > valid — O ? 

ticket Ptr->sidDotn 
ticketPtr->ticketDom « - 1 • 

ticketPcr->ticket£xp 
ticketPtr- >uid • o 
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Ticket Per- >uctx = 0; 

sscanf (DStringValue UreqPtr->reraoteAddr) , -%d.%d.%d.%d- , fcipl, tip7, fcip3 , & 
ticketPtr->uid = < ( (ipl+ip2) «24) 1 ( ( ip3+ip4 ) <<16) [ (randO & OxFFFF) ) ,- 
ticketPtr->uctx = 1; 

/* we are done if aids are not enabled, or this url does not have a sid */ 

if { I (TicketGlobalData (EnableSid) ) ) return HT_OK; 

cpl « DStringValue (&reqPtr->url," 

if (strstr(cpl, SID prefix) i * cpl) 

return htjdk; 
if (strlen(cpi) «= sidLength) 

{ 

DStringAppend ( tregPtr- >ur 1 . ■ / " . -1 ) 
DStringAppend(&reqPtr->patn, •/"> -1) ; 
cpl = DStringValue(&reqPtr->url) ; 

} 

cp « strchr<cpl+sizeof (SlDjprefix) , '/') ; 
if ((cp - cpl) sidliength) 

return HT_OK ; 
IncTicketCounter (CountSidUrl) ; 

DStringlnitK&hash) ; 

/* if sid eater is enabled, rewrite the url without the sid, and reprocess t 
if (TicketGlobalDat (EnableSidEater) ) 
{ 

DStringAppend (thash. DStringValue ( fcreqPtr->url] , -l> ; 
DStringFree (reqPtr- >uri) ; 

DStringAppend(&reqPtr->url, DStringValue (&hash) fchaah)* sidLength, -1} ; 
DStringTrunc(khash, 0) ; 

DStringAppend(&nasn, DStringValue t&reqPtr- .path) , -1); 
DStringFree (treqPtr- >patn> ; 

DStringAppend (fcreqPtr- >path, DStringValue ( ithash) -i-sidLength. - 1 ) ; 
DStringFree ( &hash) ,- 

IncTicketCounter (CountDiscardedSidUrl) 

return HT_ok,- 

} 

DStringAppendUticketPcr-»sid. DStringValue (fcreqPtr- >url) . sidLength); 

/* first convert the SID back to binary*/ 
i * DStringLength(fcticketPtr->sid) -3; 

bsid - Cint *) radix6 4decode_noslashtDStringvalue { &ticketPtr->sid) +3. i, &i> 
iif ( (bsid ss= NXTLL) II U ! * l2> ) Soto rtn.exit; 

f ix_endian(&bsid [O] , ecp, eda) ; 
fix_endian(fiJbsid[l) . ecp, eda) ; 
f ix_endian<&bsid(2] ecp, eda) ; 
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/* check the SID version ■ field */ 

if (get_sid(rev^lw, rev_pos, rev_raask) ! - 6id_rev_«ero) goto sid_bad ; 
if (get_sid (rsrvl_lw, rsrvl^pos^rsrvl^mask) \ - 0) ) goto sid bad; 
if (get_sid (rsrv2_lw, rsrv2_pos . rsrv2_mask) ! + 0J goto sid_bad; 

/* Get a pointer to the secret */ 

secret = GetSecret {get_sid(kid_lv, kid_pos,kid_mask) ) ; 
if (secret *»» NULL.) goto sid_bad; 

■ < 

/* hash the sid and check the signature*/ 
DS t ring Append ( thash , secret, -1); 

pi* 

DStringAppend( thash, DStringValue(treqPtr- > remote Addr) , -l) ; 
sprintf (tenp^str, "*08xV08x* , bsidt2J ,bsid{l] } ; 
dstringAppend { thash , temp_str # -1) ; 

/* format of the hash string is Vs*s*O8x*08x" , secret , ip_addr,bsid [2] , bsid [1 

hashP = DS tringvaluet thash) ; 
act_hash * compute_ihash(hashP) ; 
while (*hashP J- 0) *hashP== 0; 
f ix_endian (tact_hash, ecp, eda) 

if (actjaash Is get_sid(sig_lw, sigjos. sig_n*ask) ) goto sid_b-ad ; 

/* is is ok, may be expired, but good enough to id user */ 
ticketPtr->uiid « get_sid (uid_llw,uid_pos, uid__mask) ; 
ticketPtr->uctx = get__sid {uctx_lw,\jCtx_jJos. uctx_mask) ; 

/* do the SID experation processing*/ 
our_tim = (time <0 J >>exp_shf t_amt) & exp_tnask; 
expp_tim i= get_sid{exp_lw, exp j3os f exp_mask) 
tdif = (exp_tirn - cur_cim) t Oxffff 
if (tdtC > OXlff f ) 
{ 

IncTicketCounter (count ExpS id) ; 

goto sid^exp ; ■ 

} 

/* sid is fine, save the sid state, update the url's */ 
ticketPtr->sidDom = get_sid (dom_lw, dom_pos ,dom_maslc) ; 
ticketPtr~>valid = 1 ; 
s id_ok = 1 ; 

IncTicketCounter (CountValidS id) ; 
sid_bad : 

if ( I (sid_ok) ) IncTicketCounter (Count Invalids id) ; 
sid_exp : 

DStringAppendf&ticketPcr- >rawUrl , DStringValue ( &reqPtr->path) . -l); 
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DStringTrunc (&reqPtr->path. 0); 

DStringAppend(&reqPtr->path, DStringValue (&ticketPtr.->ravDrl) +sidLength, -1} 
DStringTrunc (fcticketPtr- >rawUrl , 0); 

DStringAppendUticketPtr->rawUrl, DStringValue ( fcreqPtr- >url) , -1) ; 
DStringTrunc <&reqPfcr->url, 0) ; 

DStringAppend(treqPtr->url, DStringValue (^ticket Ptr-srawUr 1 J +sidLength, -1) ; 

rtn_exit: 

DStringFree { &hasH) ; 

if (bsid Is NULL) free (bsid); 

return HT_OK; 

} 

i 

* - — — — - — 

* freeTicketReqData 
* 

* This routine frees the storage ueed by ticket specific request 

* data . • 
* 

* Results: 

* None - 

* Side effects: 

. * Memory freed. 
* 

« — — 

*/ 

; tatic void f reeTicketReqData {void ♦dataPtr) 
{ 

TlCKET_Request *ticketPtr = dataPtr; 
DStringFree <&ticketPtr- >rawOrl) ; 
DStringFree (tticketPtr- >s id) ; 
DStringFree { &ticketPtr~ >f ields ) ; 
DStringFree (&ticketPtr->signature) ; 
DStringFree { fcticketPtr- >t icket IP) ; 
Eree InieketPtr) ,- 

1 

/* 

* — - - — — — — ------- 

* GetSecret 

* Given a binary keylD, returns an ascii secret from the 
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* secrets store . 

* for untranslatable names, return NULL 

♦ 

* Results: 

* "I've got a secret, now you do too" 

■ 

* 

* Side effects: 



•/ 



char *GetSecret (int kid) 

{ . 

UashEtitry ■ entry Pfcr; 

entryptr + Fln.dHa.shEn try ( &TicketServerData . Secrer_sKid , (void +) kid) 
if (entryPtr «= NULL) return NULL/ 

return DStringValue ( ( (DSt ring * ) GetHashValue (entryPtr) ) ; 



GetKidByKeyXD 

Given an asoii fceylD return the binary Key ID 
for untranslatable names, return -1 . 

Results: 

"I've got a secret, now you dp too" 
Side effects : 



int Get.KidByKeyID(char *keyID) 
{ 

HashEntry *entryPtr; 



entryPtr - FirvdHashEntry (* tTicketServerData . KeyID< (void *) keylD) ; 
if (entryPtr .mm NOLL) return -1; 
return (int) GetHashvalue (entryPtr) 

I 
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* . " 

* fieldParse -- 
* 

* Given a string, a separator character, extracts a field up to the 

* separator into the result string. 

* Does substitution on '*XX' sequences, and returns the pointer to the 

* character beyond last character in '*endptr'. 
* 

* Resul ts : 

* Returns a malloc'ed string (caller must free) , or NULL if an 

* error occurred during processing (such as an invalid '** sequence). 

I 

* Side effects: 

* None . 
* 



*/ 

tfdefine SIZE_INC 200 

statiic char *f ieldParse [char *str, char sep, char **endptr) 
{ 

char buf 1 3 3 ; 
char c; 

char *end, Mata, *p; 
int inaxlen, len; 

len - 0; 

niaxlen = SIZE_INC; 

p = data = ma Hoc (maxlen) ; 

/* 

* Loop through string, until end of string or sep character. 
*/ 

while <*str *str i- sep) { 
if <*str =='%'){ 

if ( ! isxdigitUtrC U) > | | ! isxdigi t (str [2] ) ) { 
free (data) ; 
return NULL; 

) 

buf {0) = str U3 ; 

buf 11] * str [2] ; 

buf [2] = '\0'; 

c = strtoKbuf. tend, 16); 

str + a 3; 
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} else if <*str '+') {> 

c - , , , 

str++; 

■I 

} else 
c = *str++; 

*p++ - C; 

if (len maxleii) { 
maxlen += SIZE_INC; 
data ■ rea Hoc (data, maxlen) ; 
p - data + len; 

) 

) 

*endptr * str; 
return data; 

/* 



* DomainNameCmd - - 

* A call to this routine, builds the ascii domain name 

* to binary domain name maping structure for a numeric domain. 

* Syntax is Domain number name 1 name 2 narae3 name . - . narne_Jlast 

* At least one name is required. The number is decimal and 

* can be any value except -1. -1 is reserved as a marker 

* for untranslatable names. 

.* 

* Results: 

* None . 

* Side effects : 

* Commands are validate, and entries added to the map 
* 

* - - 

*/ 

static int DomainNameCmd (Cl ientData clientData, Tcl_Interp *interp, 

int argc, char **argv) 

{ 

int new. i; 

HashEntry *entryPtr; 
int DomNumber; 
DString DomName ; 
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if (argc <3) 

{ ■ 

Tcl_AppendResulc (interp, argv[o], n directive: wrong number of ■ 

"arguments, should be A"3\' - ( 
( char * ) NULL) ; 
return TCL_ERROR; 

} ' .' 

DStringlnit (tDomName) ; 

if ( ( (sscanf {argv[l] , "Vd", ficDotnUuraber) ! = 1 || (DorcNumber — -1))) 
{ 

Tcl_AppendResult (interp , argv[0] , - directive: " » 

"Domain number must be an integer, and not equal to -1*, 

value found was ",argvU3. 
(char *) NULL) 

return to TCL_ERR0R; 

} 

for (i = 2; i < argc; 

{ 

DStringFree (tDomName) ; 
DStringAppend (tDotrtName, argvti] , -l) ; 
s t rt o 1 ower ( DS t r ing Va lxie < SdDocnNanie ) ) ; 

entry Ptr - CreateHashEutry (fcTi eke tServerData .Domains, DStringValue 

if (new ==: o) 
{ 

Tcl_AppendResult (interp, argv[0] , w directive: 

•Duplicate domain name specified, argvti) , 

(char *) NULL) ,- 
return TCL_ERROR,- 

} 

SetHashValue<entryPtr. DomNutnber) ; 
) 

DStringFree (&DocnMame> ; 
return TCL_OK; 

> 



* SecretsCmd - - 

*■ 

* A call to this routine, builds kid to secrets table 
* 

* Results : 
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* None . . . i 

* Side effects : 

* Secrets are stored. 

* „ « 

static int SecretsCmd (ClientData clientDate, Tcl_Interp *interp, 

int argc, char **argv) 

{ 

int newKid.nevKeylD; 

■ 

HashEntry *entryPtrKid « NULL. * entry Ptr Key ID = NULL? 
iixt Kid; 

DString *dsptrKid; 

if (argc ! * 4) 
i 

Tcl_AppendResult (interp, argv[o), " directive: wrong number of "■ 

"arguments, should be \*4\" " , 

(char *) NULL) ; 
return TCL_ERROR ; 

) 

if (sscanf (argvUl » "Vd", fcKid) ! - 1) 

Tcl^AppendRe suit (interp, argv [01, 

" directive: KeylD must be an integer", 

M , value found was ' ■ f argv [2] , • ' ■ « 

<char *) NULL) ; 
return TCLJBfcROR; 

entryPtrKid = CreateHashZncry (ficTicketServerData . SecretsKid, (void *) Kid, &n 
if <strlen(argvU]>) 

entryPtrKeylD » CreateHashEntry ( &TicketServerData . KeylD, (void *) argv[l), 
if ((newKid 0 || ( [newKeylD -» 0) &6c strlen (argv [X] ) > ) 

{ 

Tcl_AppendResult ( interp , argv £o) , 

■ directive: Duplicate Secret specified for KeylD 

argvfl) . 
(char * J NULL) ; 
return TCL_ERROR; 

1 

if (strlen (argv (!])) 
{ 

dsptrKid = (DString M ma Hoc (sizeof {DString) ) ; 
DStringlnit (dsptrKid) ; 
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DStringAppendCdsptrKid, argvU] , -l) ; 

• 1 

SetHashValue{entryPtrK.id, dspcrKid) ; 
) 

SetHashValue(entryPtrKeyID, Kid); 

return TCL_OK; 

} 



/* 



* TICKET_Initialize ~" 

* I 

* Calls all the necessary routines to initialize the ticket subsystem 
* 

* Results: 

* None. 
* 

* Side effects-. 

* Commands added to the region interpreter. 

* SID url catcher declared. 

tr _ 

*/ 

int TICXET_Initialize{HTTP_Server &serverPtr. Tcl_Interp *interp) 
{ 

TicketServerData. ticketExtensionld - HT_RegisterExtension(serverPtr , 
"ticket 

InitHashTable (&TicketServerData . SecretsKid, TCL_ONE_WORI)JCEYS) ; 
InitHashTable (tTicketServerdata .KeyTD, TCL_STRING_KEYS) ; 
InitHashTable ( &TicketServerData . Domains , TCL_STRING_KEYS ) ; 

/* initialize Server ticket data */ 
DStringlnit <&TicketGlobalData <AuthServer) > ; 
DStringlnit UTicketGlobalData (TicketExpHandler) > 
DStringlnit <&TicketGlobalData (TicketAdrHandler)) ; 

TicketGlobalData (FreeArea) - 0; 

TicketGlobalData (EnableLocalAuth) * 0; 

TicketGlobalData (Current-Secret) - 0; 

TicketGlobalData (EnableSid) = 0; 

TicketGlobalData (EnableTicket) - 0,- 

TicketGlobalData < Enables idEater) - 0; 

TicketGlobalData < LocalAuthExp ) * 60*30; 



/* ticket event counters */ 
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TicketGlobalData (CountTptalUrl) 
TicketGlobalData (CountSidUrl } 
TicketGlobalData { Count ValidS id) 
TicketGlobalData (CountExpSid) 
TicketGlobalData (CountlnvalidSid) 
TicketGlobalData (CountCrossDoiaain) 
TicketGlobalData (CountLocalredirects) 
TicketGlobalData (CountRemoteRe directs) 
TicketGlobalData (CountNoRedirects) 
TicketGlobalData (CountDiscardedSidUrl ) 



m. 0; 
= 0; 



- 0; 



= 0; 



« 0; 
m 0 ; 
= 0; 



« 0; 



0; 



/* Ticket related Config commands */ 
Tel CreateCon»nand( interp, "Domain" , 



Doma inN ameCmd , 



(ClientData) serverPtr, NULL) ; 
Tc l_Create Command (in terp, "Secrets" , 

(ClientData) serverPtr, NULL); 



SecxetsCmd, 



Tcl_CreateCommand ( interp , ■ AutbenticationServer » , CradStringValue , 

(ClientData) &TicketGlobaLData(AuthServer) , NULL),* 
Tcl_CreateCommand (interp, -TicketExpirationHandler" , CmdStringValue, 

(ClientData) &Ti eke tGlobalData ( Ticket ExpHandler) , NULL) ; 
Tcl_CreateCommand (interp, "TicketAddressHandler" , CradStringValue, 

(ClientData) &Ti eke tGlobalData (TicketAdrHandler) , NULL) ; 
Tcl^CrcateCommand ( interp , "Free Domain" , CmdlntValue , 

(ClientData) &Ti eke tGlobalData (PreeArea) , NULL) ; 
Tcl_Create Command (interp, -EnableSidEater" , CmdlntValue , 

(ClientData) &Ti eke tGlobalData (Enables idEater) . NULL) ; 
Tcl_CreateCommand( interp, "EnableSid- , CmdlntValue, 

(ClientData) ^TicketGlobalData (EnableSid) , NULL) ; 
Tcl_CreateCommand ( interp, "EnableTicket" , CmdlntValue, 

(ClientData) ^TicketGlobalData (EnableTicket) , NULL) ; 
Tcl_CreateComraand{ interp, •EnableLocalAuth- , CmdlntValue, 

(ClientData) &T i eke tGlobal Data (EnableLocalAuth) , NULL) ; 
Tcl_CreateConiraand (interp, • Currents ecret" , CmdlntValue, 

(ClientData) &Ti eke tGlobalData (CurrentSecretK NULL) ; 
Tcl_CreateCoramand (interp, " LocalAuthExp- , CmdlntValue, 

(ClientData) &T± eke tGlobalData ( LocalAuthExp J , NULL) ; 

HT__AddMounthandler (serverPtr, (ClientData) NULL, TICKET__DebugHooks , 
"/cxniserver", NULL) ; 

return HT OK,- 
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* TICKET_Shutdown — . . 

* Calls all the necessary routines to shutdown the ticket subsystem. 
* 

* Results: 

* None. 

* 

* Side effects: 

* Memory freed 



• 

V 



void TICKET^Shutdowu (HTTP Server •serverPtr) 
{ 

HashEntry *entryPtr; 
HashSearch searcn; 
DString *dst:ring; 

DStriagFree < &Ti eke tGlobal Data (AuthServer) ) ; 
I3Stringrree(&TicketGlobalData(TicketExpHaixdlerJ ) ; 
DStringFree <&TicXetGlobalData CTicketAdrHandler) > ; 

entryPtr - FirstHashJEntry (&TicketServerData .SecretsKid. tsearch) ; 

while (entryPtr 1 - NULL) 
( 

dstring * GetHashValue (entryPtr) ; 

E>StringFree(dstxing'] / 
free (dstring) ; 

entryPtr « NextHasn£ntry£search) ; 
} 

DeleteHashTable(&TicketServerData. SecretsKid) ; 
DeleteHa 6 htable {&TicketSeirverData.KeyID} ; 
DeleteHashTable (&TicJcctServerData.Doniains) ; 
} 



* 



* T2CK£T_AddRegion Commands 
* 

Add TICKET region commands for authentication/authorization 



decisions. 
* Results: 



None 



(54) 1 1 -5 0 7 7 5 2 



Side effects; 

Commands added to the region interpreter. 



void TICKET_AddRegion Commands (HTTPRequeat TeqPtr. Tcl_Interp *interp) 

Tcl^CreateCommand(interp ( "RequireSID" , TICKET_ReqaireSidCmd, 

(ClientData) reqPtr, NULL.) ; 
Tcl^CreateConiinanddnterp, "RequireTickef . TICKET^RequixeTtcketCmd, 

(ClientData) reqPtr, KOLL) ? 

} 



* TICKET__GetCGlVariables 
* 

Add TICKET CGI variables to the CGI variable table 

* 

* Results: 

None . 

* Side effects: 

Extends the CGI variable hash table. 



4 . 



void TICKET GecCGIVariablee lHTTP_Request *reql 
{ 

TI CKET_Req\ies t *fcieketPtr - (TICK£T_Request *) 
HT_GetReqExtData (req . Tickets 

/• 

- If there- a no extension data, then we're not doing a ticket. Just 



return 



if (ticketPtr HULL) 
return) \ ; 
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if (DStringLength{fcticketPtr->ravUrl) • ■ 0) 

HT_AddCGIParameter(req. TICKET JJRL" . DStringValue ( tticketPtr- 

>rawurl ) , FA 

if (DStringLength (fcticketPtr- >sid) i» 0) 

KT AddCGIPararaeter<req, - TICKET_S I D ■ , DStringValue UticketPcr- 

>sid> , FALSE 

if (DStringLength(&ticketPtr->fields) 1=0) 

HT_AddCGI Parameter (req. "TICKET_FIELDS«, DStringValue ( tticketPtr- 

>f ields) . 

if {DStringLiength(&ticketPtr->fiignat.urc) !» 0) 

HT-AddCGIParameter<req, " TICKET__S I GNATURE ■ . DStringValue ( fcticketPt r- 

>signa 



♦TICKETJSetUrl 
* 

* Recurn the orignal url (with sid) 



* Results: 

* The URI* 
* 

* Side effects : 

None . 



V 

char * TICKET^GetUrl (KTTP_Request -reqPtr) 
I 

TICKET_Request *ticketPtr ; 

ticketPtr - ( TI CKET_ Reque s t *) 

KT GetReqExtData (reqPtr, TicketServerData . tickecExtensionld) 

if (UicketPtr != NOLI*) " 

(DStringLength(fcticketPtr>>rawUrl) ! = 0>) 

return DStringValue ( fcticketPtr- >rawurl) ; 

else 

return DStringValue ( treqPtr- >url> ; 

) 



* 



/ 



* TICKET_Conf igCheck 

Perform late configuration checks 
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* Results: 

.* 

* 

* Side effects: 

* Possible message loged /printed, and program exit'd. 
* 

* — _ — — 

*/ 

void TICKET_Con.f igCheckO 
{ 

HashEntry * entry Ptr; 
int kid; 

i£ { (Ti eke tGlobalDa tat Enables id) & -Oxl> !- -0) 
{ 

LrogMessage (LOG_ERR, "EnableSid must be 0 or 1°); 
exit <0); 

) 

if (! (TieketGlQbalData(EnabieSid) ) ) return; 

kid = TicketGlobalData(CorrentSecret) ; 
if (kid && kid_raask) !- kid) 
( 

LogMe s sage ( LOG - ERR ; "CurrentSecret *d is invalid", kid); 
exit (0) ; 

"J 

entryPtr « FindHashEntry (&Ti eke tServerDat a . Secret sKid, (void *> kid) ; 

if (entryPtr NULL) 
{ 

LogMessage{LOG_ERR) , "No secret defined for Cur rent Sec ret *d", kid, 
exit(0); 

if | (TicketGlobalData (FreeArea) & -0x255) !« 0) 
t 

LogMessage (LOG_err. "FreeArea must be between 0 and 255") ; 

exit(0); 

} 

if ( (TicketGlobalData (EnableSidTicket) & -0x1) 0) 
{ 

LogMe s sage (LOG_ERR, "Enables idTicket must be 0 or 1"); 

exit (0); . 

) 
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if < (TicketGlobalData (EnableTicket) & -0x1) !- 0) ; 
( 

LogMessage (LOG_ERR, "EnableTicket mast be 0 or 1*); 
exit (0) f 

1 

if { (Tic ketGlobalData (Enable LocalAuth) & -0x1) ! «= 0) 

{ 

LogMessage(LOG_ERR, "EnablLocalAuth must be 0 or 1*) ; 
exit (0) ; 

} 

) 



T I CKET_De bug Hooks 

Check for debug hooks and execute if found 



Results : 

* None . 
* 

* Side Effects 

* None . 
* 



tatic void TICKET^ DcbugHooks ( Client Data clientData, char *suffix, 

HTTP_Reguest "reqPtr) 

I 

if (strcmp (suffix, ■ /ticketstatus" ) 0> 
{ 

DumpStatus (reqPtr) ; 
HT_FinishRequest ( reqPtr ) ; 
return; 

) 

KTTP_Error (reqPtr , NOT_FOCND, "access denied due to poorly formed url") ; 
HTJFinishRequest (reqPtr) ; 
return ; 

J 

/* 

* — — — — ~ 



DumpS tat us 

Dump the server's ticket stat's 



(58) 1 1 -5 0 7 7 



* Results: 

* None . 

* Side effects 

* None . 



*/ 

#define BUFSIZE 1024 

static void DutnpStatus {HTTP_Request *reqPtr) 

{ 

HTTP_Server *BerverPtr ~ reqPtr- >serverPtr; 
char tmp [BUFSIZE] , timeStr {BUFSIZE] ; 
struct utsname sysinf o; j 
t ime_t uptime; 
int hours; 

HTTP_BeginHeader (reqPtr, "20 0 OK) ; 

HTTP_SendHeader { reqPtr, - Content- type : text/btml " , NULL) ; 
HTTP_JEndHeader ( reqPtr) ; 

HTTP_Send< reqPtr, "<etitle>WebServer Ticket Status*:/ 1 it leai" , 

"<hl>WebServer Ticket Status < /hl> : , NULL); 

HTTP_Send( reqPtr, "<p><hr>xp><h2>Ticket Log</h2>", "cpxpreAn", NULL); 

sprintf (trap, ■ <b>*s: </h> %d\n", "Number of access ■ . Ticket 

KTTP_S end (reqPtr , tmp, NULL) ; 

sprintf (tmp, ** <b>%s: </b> Vd\n". -Number of SID URL* s -/Ticket 
KTTP_Send ( reqPtr , tmp, NULL) ; 

sprintf (tmp. " <b>%s: </b:> Vd\n:, "Number of Valid SID* s ". Ticket 

HTTP ) Send ( reqP t r , tmp , NULL ) ; 

sprintf (tmp, " <b>Vs: </b> Vd\n: ( "Number of Expired SID's " , Ticket 
HTTP) Send ( reqPtr , tmp, NULL) ; 

sprintf [trap, » <b>*s: </b> Vd\n:, "Number of Invalid SID's " , Ticket 
HTTP) Send (reqPtr/ tmp, NULL) ; 

sprintf (tmp, ■ <b>%s; </b> Vd\n:, "Number of XDomain accesses *, Ticket 
HTTP) Send (reqPtr, tmp, NULL) 

sprintf (tmp, " <:b>*s: </b> Vd\n : , 'Number of Local Redirects » . Ticket 
HTTP) Send (reqPtr. tmp, NULL! ; 

sprintf (tmp, ■ cb>Vs -. </b> *d\n : , "Number of Remote Redirects ", Ticket 
HTTP) Send (reqPtr, tmp, NULL) ; 

sprintf (tmp, p <b>%s: </b> %d\n:, "Number of No Auth servers « , Ticket 
HTTP_Send (reqPtr, tmp, *c/pre>" r NULL) ; 



uptime ~ time (NULL) = serverPcr->starced; 
uname (tsysinf o) ; 
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striftirae(timeStr, BOFSIZE. **X. Vd-Vb-*y VT« , 
localtime (serverPtr- >startedj ) ; 

springf (tutp, "Server runing on <d>Vs</b> (*s *s) port *d, has been up \ 

since Vs.<p> m , eys inf o .nodename, sysinfo.sysname. 
sysinfo .release, scrverPtr- >server j)ort , timeStr) ; 
HTTP_Send(reqPtr, tmp. NULL) ? : 

sprint f (Unp, . " <b>Number of connections: </b> *d\n*, 

serve rPtr->numConnects) ; 
HTTP_Send(reqPtr, tmp, n <pxpre>\ii" , tinp, NOLL) ; 
sprint f (tmp, * <b>tfumber of HTTP requests: </b> *d\n"/ 

HTTP_Send(reqPtr, tmp, s </pre><p>", NULL) ,- 

hours - max (uptime / 3600, 1) ; 

spriut£ (tamp, "This server is averaging <b>Vd</b> requests per hour.<p>", 

eerver"Ptr->numRe quests /hours) ; 
HTTP_Send<reqPtr, tmp . NULL) ; 

DumpRusage (reqptr) ; 
/* DumpCoimections(reqPtr) ; */ 

DNS^Dun^Stats ( reqPtr ) ; 

HTTP_Send (reqptr, • ^xhrxaddxess^" , DStringValue (&ht_serverSof tware) , 
•</address>\n", NULL) ; 

reqPtr->done = TRUE ; 

} 

Uundef BUFSI2E 
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